Android Hacker's Handbook - Joshua J. Drake - E-Book

Joshua J. Drake

Description

The first comprehensive guide to discovering and preventing attacks on the Android OS

As the Android operating system continues to increase its share of the smartphone market, smartphone hacking remains a growing threat. Written by experts who rank among the world's foremost Android security researchers, this book presents vulnerability discovery, analysis, and exploitation tools for the good guys. Following a detailed explanation of how the Android OS works and its overall security architecture, the authors examine how vulnerabilities can be discovered and exploits developed for various system components, preparing you to defend against them. If you are a mobile device administrator, security researcher, Android app developer, or consultant responsible for evaluating Android security, you will find this guide is essential to your toolbox.

* A crack team of leading Android security researchers explain Android security risks, security design and architecture, rooting, fuzz testing, and vulnerability analysis
* Covers Android application building blocks and security as well as debugging and auditing Android apps
* Prepares mobile device administrators, security researchers, Android app developers, and security consultants to defend Android systems against attack

Android Hacker's Handbook is the first comprehensive resource for IT professionals charged with smartphone security.


Number of pages: 813

Year of publication: 2014




Table of Contents

Cover

Chapter 1: Looking at the Ecosystem

Understanding Android's Roots

Understanding Android Stakeholders

Grasping Ecosystem Complexities

Summary

Chapter 2: Android Security Design and Architecture

Understanding Android System Architecture

Understanding Security Boundaries and Enforcement

Looking Closer at the Layers

Complex Security, Complex Exploits

Summary

Chapter 3: Rooting Your Device

Understanding the Partition Layout

Understanding the Boot Process

Locked and Unlocked Boot Loaders

Rooting with an Unlocked Boot Loader

Rooting with a Locked Boot Loader

History of Known Attacks

Summary

Chapter 4: Reviewing Application Security

Common Issues

Case Study: Mobile Security App

Case Study: SIP Client

Summary

Chapter 5: Understanding Android's Attack Surface

An Attack Terminology Primer

Classifying Attack Surfaces

Remote Attack Surfaces

Physical Adjacency

Local Attack Surfaces

Physical Attack Surfaces

Third-Party Modifications

Summary

Chapter 6: Finding Vulnerabilities with Fuzz Testing

Fuzzing Background

Fuzzing on Android

Fuzzing Broadcast Receivers

Fuzzing Chrome for Android

Fuzzing the USB Attack Surface

Summary

Chapter 7: Debugging and Analyzing Vulnerabilities

Getting All Available Information

Choosing a Toolchain

Debugging with Crash Dumps

Remote Debugging

Debugging Dalvik Code

Debugging Native Code

Debugging Mixed Code

Alternative Debugging Techniques

Vulnerability Analysis

Summary

Chapter 8: Exploiting User Space Software

Memory Corruption Basics

A History of Public Exploits

Exploiting the Android Browser

Summary

Chapter 9: Return Oriented Programming

History and Motivation

Basics of ROP on ARM

Case Study: Android 4.0.1 Linker

Summary

Chapter 10: Hacking and Attacking the Kernel

Android's Linux Kernel

Extracting Kernels

Running Custom Kernel Code

Debugging the Kernel

Exploiting the Kernel

Summary

Chapter 11: Attacking the Radio Interface Layer

Introduction to the RIL

Short Message Service (SMS)

Interacting with the Modem

Summary

Chapter 12: Exploit Mitigations

Classifying Mitigations

Code Signing

Hardening the Heap

Protecting Against Integer Overflows

Preventing Data Execution

Address Space Layout Randomization

Protecting the Stack

Format String Protections

Read-Only Relocations

Sandboxing

Fortifying Source Code

Access Control Mechanisms

Protecting the Kernel

Other Hardening Measures

Summary of Exploit Mitigations

Disabling Mitigation Features

Overcoming Exploit Mitigations

Looking to the Future

Summary

Chapter 13: Hardware Attacks

Interfacing with Hardware Devices

Identifying Components

Intercepting, Monitoring, and Injecting Data

Stealing Secrets and Firmware

Pitfalls

Summary

Appendix A: Tool Catalog

Development Tools

Firmware Extraction and Flashing Tools

Native Android Tools

Hooking and Instrumentation Tools

Static Analysis Tools

Application Testing Tools

Hardware Hacking Tools

Appendix B: Open Source Repositories

Google

SoC Manufacturers

OEMs

Upstream Sources

Others

Appendix C: References

Chapter 1

Chapter 2

Chapter 3

Chapter 4

Chapter 5

Chapter 6

Chapter 7

Chapter 8

Chapter 9

Chapter 10

Chapter 11

Chapter 12

Chapter 13

General References

Introduction

Overview of the Book and Technology

How This Book Is Organized

Who Should Read This Book

Tools You Will Need

What's on the Website

Bon Voyage

End User License Agreement



Chapter 1: Looking at the Ecosystem

The word Android is used correctly in many contexts. Although the word still can refer to a humanoid robot, Android has come to mean much more than that in the last decade. In the mobile space, it refers to a company, an operating system, an open source project, and a development community. Some people even call mobile devices Androids. In short, an entire ecosystem surrounds the now wildly popular mobile operating system.

This chapter looks closely at the composition and health of the Android ecosystem. First you find out how Android became what it is today. Then the chapter breaks down the ecosystem stakeholders into groups in order to help you understand their roles and motivations. Finally, the chapter discusses the complex relationships within the ecosystem that give rise to several important issues that affect security.

Understanding Android's Roots

Android did not become the world's most popular mobile operating system overnight. The last decade has been a long journey with many bumps in the road. This section recounts how Android became what it is today and begins looking at what makes the Android ecosystem tick.

Company History

Android began as Android, Inc., a company founded by Andy Rubin, Chris White, Nick Sears, and Rich Miner in October 2003. They focused on creating mobile devices that were able to take into account location information and user preferences. After the company had successfully navigated market demand and financial difficulties, Google acquired Android, Inc., in August 2005. In the period that followed, Google began building partnerships with hardware, software, and telecommunications companies with the intent of entering the mobile market.

In November 2007, the Open Handset Alliance (OHA) was announced. This consortium of companies, which included 34 founding members led by Google, shares a commitment to openness. In addition, it aims to accelerate mobile platform innovation and offer consumers a richer, less expensive, and better mobile experience. The OHA had grown to 84 members by the time this book was published. Members represent all parts of the mobile ecosystem, including mobile operators, handset manufacturers, semiconductor companies, software companies, and more. You can find the full list of members on the OHA website at www.openhandsetalliance.com/oha_members.html.

With the OHA in place, Google announced its first mobile product, Android. However, Google still did not bring any devices running Android to the market. Finally, after a total of five years, Android was made available to the general public in October 2008. The release of the first publicly available Android phone, the HTC G1, marked the beginning of an era.

Continue reading in the full edition!
